cadd5ac7d01e7e6776be4dc88e910563 | Triage

Sharing

General

Target

cadd5ac7d01e7e6776be4dc88e910563
Size

1KB
MD5

cadd5ac7d01e7e6776be4dc88e910563
SHA1

79cf1cc5421ab4a8db237bb3b3e450a0e348af28
SHA256

5fc8ae597891e03ec1ee7faa1654d6a8f03a986c94250186a60b63eb75438dcc
SHA512

66257950c83e584b78fe77c7926bd587d0a78884b497267a8d2d8240ce30115ae530a9fc731d7cbaebc4365e61728e2e119f3519b0aa37835d7a94db2f004b80

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cadd5ac7d01e7e6776be4dc88e910563

Files

cadd5ac7d01e7e6776be4dc88e910563
.sys windows:4 windows x86 arch:x86

b68483fae148bbb5cf9f3ac6d5e15644

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwWriteFile
ZwReadFile
ZwQueryValueKey
ZwQueryInformationFile
ZwOpenKey
ZwOpenFile
ZwCreateFile
ZwClose
RtlZeroMemory
RtlInitUnicodeString
ExFreePool
ExAllocatePool

Sections

.text
Size: 608B - Virtual size: 604B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 320B - Virtual size: 302B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 64B - Virtual size: 50B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ